September 14, 2018 Student.exe Zero day

ISSessions – 2018-09-14
This week’s ISSessions meetup details:
Date: 2018-09-14
Time: 19:00 – 20:30
Location: Room J102 (Confirmed), Sheridan Trafalgar Campus, Oakville
Agenda
19:00 – Infosec News Roundup and Open Discussion with your hosts John and Nick
19:45 – Welcome to InfoSec with John
20:30 – Wrap and refreshments (across the street at the pub)
Hello everyone,

We’re back! A new school year is starting and that means a new batch of ISSessions. This Friday, September 14th, will be our first meeting of the year and we’re happy to say that we have a speaker lined up for you.

Following our usual news roundup and discussion, John will be giving his annual Welcome to InfoSec talk. John is a graduate of the program and is a Vulnerability Researcher at Trend Micro. He’ll be speaking about the wide, wide world of InfoSec, and how to survive the program! It’s a great talk, especially if you’re new to the program, so you don’t want to miss it!

We’d also like to take a moment to welcome everyone back for another year. You guys help make ISSessions what it is, so we’re very happy to have you back.

That’s it for now, we hope to see you out there,

-ISSessions

Code of Conduct – CTF 2018

Code of Conduct
===============

Our goal is to bring the Local InfoSec community together for a conference
about the excitement, joy, and surprise of Information/Cyber Security.

We value the participation of each member of the community and want
all attendees to have an enjoyable and fulfilling experience.
Accordingly, all attendees are expected to show respect and courtesy
to other attendees throughout the conference and at all conference
events, whether officially sponsored or not.

All attendees, speakers, exhibitors, organizers and volunteers at any
event are required to observe the following Code of Conduct. 
Organizers will enforce this code throughout the event. 

The Short Version
-----------------

ISSessions is dedicated to providing a harassment-free conference
experience for everyone, regardless of gender, sexual orientation,
disability, physical appearance, body size, race, religion, or
anything else. We do not tolerate harassment of conference
participants in any form.

All communication and behaviours should be appropriate for a
professional audience including people of many different backgrounds.
Sexual language and imagery is not appropriate for any conference
venue, including talks.

Be kind to others. Do not insult or put down other attendees. Behave
professionally. Remember that harassment and sexist, racist, or
exclusionary jokes are not appropriate at ISSessions.

Attendees violating these rules may be asked to leave at the sole
discretion of the conference organizers.

Thank you for helping make this a welcoming, friendly event for all.


The Longer Version 
------------------

Harassment includes offensive verbal comments related to gender,
sexual orientation, disability, physical appearance, body size, race,
religion, sexual images in public spaces, deliberate intimidation,
stalking, following, harassing photography or recording, sustained
disruption of talks or other events, inappropriate physical contact,
derisive comments regarding technical background, and unwelcome sexual
attention.

Participants asked to stop any harassing behavior are expected to comply immediately.

Be careful in the words that you choose. Remember that sexist, racist,
and other exclusionary jokes can be offensive to those around you.
Excessive swearing and offensive jokes are not appropriate for ISSessions.

If a participant engages in behavior that violates the anti-harassment
policy, the conference organizers may take any action they deem
appropriate, including warning the offender or expulsion from the
conference. 

Social Rules
------------

In addition to having a code of conduct as an anti-harassment policy,
we have a small set of social rules we follow. We (actually Max)
learned and lifted these rules from Hacker School, where we felt that
they contributed enormously to a supportive, productive, and fun
learning environment. We'd like ISSessions to share that environment. These
rules are intended to be lightweight, and to make more explicit
certain social norms that are normally implicit. Most of our social
rules really boil down to “don't be a jerk” or “don't be annoying.” Of
course, almost nobody sets out to be a jerk or annoying, so telling
people not to be jerks isn't a very productive strategy.

Unlike the anti-harassment policy, violation of the social rules will
not result in expulsion from the conference or a strong warning from
conference organizers. Rather, they are designed to provide some
lightweight social structure for conference attendees to use when
interacting with each other. We also believe that if we all learn from
these social rules we can make the infosec community a more positive
and healthy environment for everyone, and we wish to share them with you.

[The social rules](https://www.hackerschool.com/manual#sub-sec-social-rules)

If you have any questions about any part of the code of conduct or
social rules, please feel free to reach out to any of the conference
organizers.


Questions 
---------

If you have any questions about any part of the code of conduct or
social rules, please feel free to reach out to any of the organizers. 

Contact Information
-------------------

If you are being harassed, notice that someone else is being harassed,
or have any other concerns, please contact a member of conference
staff (they’re wearing green buttons).

Conference staff will be happy to help participants contact local law
enforcement, provide escorts, or otherwise assist those experiencing
harassment to feel safe for the duration of the conference. We value
your attendance. 

License 
-------

The ISSessions code of conduct is under a [Creative Commons
Zero](http://creativecommons.org/about/cc0) license and has been forked
from the BSides Toronto Code of Conduct, which is under a [Creative Commons
Zero](http://creativecommons.org/about/cc0) license. That code was forked
from the [!!Con 2014 Code of Conduct](http://bangbangcon.com/conduct.html),
which was forked from the [PyCon 2013 Code of Conduct](https://us.pycon.org/2013/about/code-of-conduct/),
which is licensed under a [Creative Commons Attribution 3.0 Unported License](http://creativecommons.org/licenses/by/3.0/),
and which itself was forked from an [example policy from the Geek Feminism wiki, created by the Ada Initiative and other volunteers](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy)
and available under a [Creative Commons Zero license](http://creativecommons.org/about/cc0).

April 6, 2018 News

https://www.itworldcanada.com/article/canadian-mandatory-breach-notification-starts-november-1-no-regulations-yet/403558
https://krebsonsecurity.com/2018/04/secret-service-warns-of-chip-card-scheme/
https://www.theregister.co.uk/2018/04/05/billions_files_exposed_aws_ftp_wide_open/
https://www.theregister.co.uk/2018/03/30/us_government_travelers_social_media/
https://www.theregister.co.uk/2018/03/28/iot_software_still_insecure/
https://www.theregister.co.uk/2018/03/27/baltimore_911_problems_blamed_on_hacking_attack/
https://www.theregister.co.uk/2018/03/27/exploit_kit_decline/
https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
https://www.forbes.com/sites/thomasbrewster/2018/03/22/yes-cops-are-now-opening-iphones-with-dead-peoples-fingerprints/#14dda8a2393e
https://www.wired.com/story/monero-privacy/
https://www.lightbluetouchpaper.org/2018/03/26/tracing-stolen-bitcoin/
https://arstechnica.com/gadgets/2018/04/google-bans-cryptomining-chrome-extensions-because-they-refuse-to-play-by-the-rules/
https://www.schneier.com/blog/archives/2018/03/facebook_and_ca.html
https://www.theregister.co.uk/2018/03/29/facebook_to_extend_bug_bounty_to_cover_data_leakage_from_apps/